The Week in Ransomware – October 8th 2021 – Making arrrests

This week’s big news is the arrests of two ransomware operators in Ukraine responsible for hundreds of attacks targeting organizations worldwide.

The US is also proposing new bills and initiatives to force companies to disclose ransom payments and government contractors to disclose breaches.

Under the new Civil Cyber-Fraud Initiative, the US DOJ will allow government contractors to be sued if they don’t report a breach or fail to meet required cybersecurity standards.

A new ‘Ransom Disclosure Act’ bill has been introduced to require any ransomware victims to report ransom payments within 48 hours.

Finally, some of the ransomware attacks revealed this week include SandHills Global, Weir Group, and we finally have confirmation that Cox Media Group was attacked in June.

Contributors and those who provided new ransomware information and stories this week include:

October 2nd 2021

Sandhills online machinery markets shut down by ransomware attack

Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.

October 3rd 2021

New STOP Ransomware variant

dnwls0719 found a new STOP ransomware variant that appends the .tisc extension.

October 4th 2021

Ransomware operators behind hundreds of attacks arrested in Ukraine

Europol has announced the arrest of two men in Ukraine, said to be members of a prolific ransomware operation that extorted victims with ransom demands ranging between €5 to €70 million.

New Atom Silo ransomware targets vulnerable Confluence servers

Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.

October 5th 2021

Ransomware gang encrypts VMware ESXi servers with Python script

Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers.

October 6th 2021

U.S. govt to sue contractors who hide breach incidents

Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don’t report a breach or fail to meet required cybersecurity standards.

Ransom Disclosure Act would give victims 48 hours to report payments

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the ‘Ransom Disclosure Act’.

BabyDuck Ransomware

xXToffeeXx found a “BabyDuck” ransomware that uses the .babyduck extension and drops a ransom note named #README.babyduck. No this is not a joke.

October 7th 2021

FIN12 hits healthcare with quick and focused ransomware attacks

It can take less than two days for the FIN12 gang to execute on the target network a file-encrypting payload – most of the time Ryuk ransomware.

October 8th 2021

Engineering giant Weir Group hit by ransomware attack

Scottish multinational engineering firm Weir Group has disclosed an “attempted ransomware attack” that led to “significant temporary disruption” in September.

Russian orgs heavily targeted by smaller tier ransomware gangs

Even though American and European companies enjoy the lion’s share of ransomware attacks launched from Russian ground, companies in the country aren’t spared from having to deal with file encryption and double-extortion troubles of their own.

Cox Media Group confirms ransomware attack that took down broadcasts

American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.

That’s it for this week! Hope everyone has a nice weekend!

NOTE:: This article is copyright by and we are using it for educational or Information purpose only

The Best Ransomware Protection for 2021